BIT-libphp-2026-7568
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/libphp/BIT-libphp-2026-7568.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-libphp-2026-7568
- Aliases
-
- BIT-php-2026-7568
- BIT-php-min-2026-7568
- CVE-2026-7568
- Published
- 2026-05-12T08:50:34.032Z
- Modified
- 2026-05-12T10:56:26.660139482Z
- Summary
- Signed integer overflow in metaphone()
- Details
-
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed integer overflow occurs, resulting in undefined behavior. This can lead to an out-of-bounds read, causing a segmentation fault or access to unrelated memory, and may affect the availability of the PHP process.
- Database specific
{ "cpes": [ "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*" ], "severity": "Medium" }- References
Affected packages
Bitnami / libphp
Package
- Name
- libphp
- Purl
- pkg:bitnami/libphp
Severity
- 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:L/U:Amber CVSS Calculator